GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,587
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,988
Maven 5,170
npm 3,704
NuGet 661
pip 3,332
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,190

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

104 advisories

Filter by severity

Sort by

Least recently updated

The origin of an external protocol handler prompt could have been obscured using a data: URL... Moderate Unreviewed

CVE-2024-10460 was published Oct 29, 2024

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed... Moderate Unreviewed

CVE-2024-7978 was published Aug 21, 2024

Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed... Moderate Unreviewed

CVE-2022-4917 was published Jul 29, 2023

An attacker could have abused XSLT error handling to associate attacker-controlled content with... Moderate Unreviewed

CVE-2022-38472 was published Dec 22, 2022

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the... Moderate Unreviewed

CVE-2020-15652 was published May 24, 2022

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... Moderate Unreviewed

CVE-2024-44187 was published Sep 17, 2024

There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate... Moderate Unreviewed

CVE-2024-22062 was published Jul 9, 2024

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent... Moderate Unreviewed

CVE-2023-5973 was published Apr 5, 2024

Lack of validation of origin in federation API in Conduit, allowing any remote server to... Moderate Unreviewed

CVE-2024-6301 was published Jun 25, 2024

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to... Moderate Unreviewed

CVE-2023-30996 was published Feb 26, 2024

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between... Moderate Unreviewed

CVE-2024-2182 was published Mar 12, 2024

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via... Moderate Unreviewed

CVE-2023-5718 was published Oct 23, 2023

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A... Moderate Unreviewed

CVE-2021-26737 was published Oct 23, 2023

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS... Moderate Unreviewed

CVE-2023-44190 was published Oct 12, 2023

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS... Moderate Unreviewed

CVE-2023-44189 was published Oct 12, 2023

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to... Moderate Unreviewed

CVE-2023-4045 was published Aug 1, 2023

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the... Moderate Unreviewed

CVE-2023-30949 was published Jul 26, 2023

In notification access permission dialog box, malicious application can embedded a very long... Moderate Unreviewed

CVE-2023-21260 was published Jul 13, 2023

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that... Moderate Unreviewed

CVE-2023-2639 was published Jun 13, 2023

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab... Moderate Unreviewed

CVE-2023-23601 was published Jun 2, 2023

A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension... Moderate Unreviewed

CVE-2019-1413 was published May 24, 2022

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for... Moderate Unreviewed

CVE-2019-5062 was published May 24, 2022

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection... Moderate Unreviewed

CVE-2019-16275 was published May 24, 2022

Images from a different domain can be read using a canvas object in some circumstances. This... Moderate Unreviewed

CVE-2019-9817 was published May 24, 2022

If WebRTC permission is requested from documents with data: or blob: URLs, the permission... Moderate Unreviewed

CVE-2019-9808 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

104 advisories